Three Reasons Why Endpoints Cannot Remain A Security Blind Spot

Frontline, Contributor. Dispatches on Cybersecurity. Opinions expressed by Forbes Contributors are their own.

Post written by Lior Div, CEO and cofounder, Cybereason

Lior Div is cofounder and CEO of Cybereason and an expert in hacking operations, forensics, cryptography and evasion.

In an age when security teams are under great pressure to protect their organization from a growing cyber threat, it is critical to defend all aspects of your company. In his recent article in Network World, Jon Oltsik discussed the importance of endpoint security, while noting that many security teams neglect their endpoints and instead focus on network security.

Your endpoints are at risk when network security solutions are prioritized. Moreover, many fail to understand that endpoints are the most valuable source of information for real-time detection and response to cyberattacks. Here are three reasons why companies should not disregard their endpoints.

1. Endpoint visibility increases the chances of early detection

Hackers recognize that the best way to carry out a cyberattack is to live on the endpoints. Endpoints are notorious for having major weak points: they are underprotected, diverse, and constantly linked to error-prone humans. These weaknesses increase a hacker's success rate, which is why endpoints are targeted. In fact, a 2014 study conducted by Ponemon Institute LLC revealed that 40% of respondents stated that their endpoints were the entry point of an attack, while 71% stated that endpoint threats were more difficult than ever to suppress.

Even the most devastating attacks start small. Although a hacker's end goal is to obtain more lucrative information, they know that this information is tightly controlled on well-defended servers; therefore, hackers always prey on the least secure devices, i.e. endpoints, and then escalate their privileges to access company servers.

Because compromising an endpoint is a hacker's early move, continuously monitoring your endpoints can help you detect a breach in its most immature state, when the least amount of damage has occurred.

2. Endpoints can eliminate false positives

Attackers make an effort to appear legitimate to the various security systems. To do so, hackers will leverage endpoints to gather intelligence about the targeted organization. Learning company operations and employee behavior enables them to better ingrain themselves into a system without being detected, as they appear to be legitimate users.

Hackers also know that users make mistakes and do not always follow normal patterns; therefore, hacker activity can easily resemble employee behavior. As a result, many security solutions produce irrelevant notifications that do not necessarily indicate hacker activity and instead overwhelm security experts.

For example, a failed login attempt may seem suspicious at first glance, but in reality be the work of a busy employee. Because endpoint data can expose whether there was keyboard or mouse activity at the time of the failed login, security personnel can easily distinguish between a benign mistake and hacker activity.

The only way that security teams can differentiate between user activity and a hacker in disguise is by looking at all surrounding activity.
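The failed-login triage described above, as an added example that is not code from the article or from Cybereason: a failed logon is checked against endpoint input telemetry (keyboard and mouse events) from the same host in the preceding seconds. The log line layout, the field names and the sample events are all constructed for this example; the 30-second window is an assumption a real deployment would tune.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry (not taken from the article); the "key=value" layout is an
# assumption made for this example.
AUTH_EVENTS = [
    "2023-03-01T09:00:05Z host=WS-17 user=alice event=logon_failed",
    "2023-03-01T09:00:12Z host=WS-17 user=alice event=logon_success",
    "2023-03-01T02:14:00Z host=WS-42 user=bob event=logon_failed",
    "2023-03-01T02:14:03Z host=WS-42 user=bob event=logon_failed",
    "2023-03-01T02:14:06Z host=WS-42 user=bob event=logon_failed",
]

INPUT_EVENTS = [
    "2023-03-01T09:00:01Z host=WS-17 event=keyboard",
    "2023-03-01T09:00:03Z host=WS-17 event=mouse",
    "2023-03-01T01:50:00Z host=WS-42 event=keyboard",  # far too early to explain the 02:14 failures
]


def parse_event(line):
    """Split one constructed log line into a dict; the timestamp becomes an aware datetime."""
    ts_str, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def triage_failed_logons(auth_lines, input_lines, window=timedelta(seconds=30)):
    """Label each failed logon by whether a person was visibly at the keyboard just before it.

    A failure preceded by keyboard/mouse activity on the same host is most likely a typo by a
    present user; a failure with no interactive activity in the window deserves a closer look,
    because nobody appears to have been sitting at that machine.
    """
    inputs = [parse_event(line) for line in input_lines]
    verdicts = []
    for line in auth_lines:
        ev = parse_event(line)
        if ev["event"] != "logon_failed":
            continue
        interactive = any(
            i["host"] == ev["host"] and ev["ts"] - window <= i["ts"] <= ev["ts"]
            for i in inputs
        )
        verdicts.append({
            "host": ev["host"],
            "user": ev["user"],
            "ts": ev["ts"],
            "verdict": "likely_user_typo" if interactive else "investigate",
        })
    return verdicts


def count_verdicts(verdicts):
    """Summarise how many failures per host still need an analyst's attention."""
    summary = {}
    for v in verdicts:
        summary.setdefault(v["host"], {"likely_user_typo": 0, "investigate": 0})
        summary[v["host"]][v["verdict"]] += 1
    return summary


if __name__ == "__main__":
    for v in triage_failed_logons(AUTH_EVENTS, INPUT_EVENTS):
        print(f'{v["ts"].isoformat()} {v["host"]} {v["user"]}: {v["verdict"]}')
    print(count_verdicts(triage_failed_logons(AUTH_EVENTS, INPUT_EVENTS)))
```

With the constructed data, alice's single failure on WS-17 is preceded by keyboard and mouse events and is labelled a likely typo, while bob's three failures on WS-42 in the small hours have no interactive activity nearby and are flagged for investigation. The point is the one the text makes: the same auth event means different things depending on what the endpoint was doing at the time.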

3. Endpoints help you connect the dots

Because endpoint solutions are deployed on every machine, you have the capability to oversee the entire IT environment. In this way, endpoints give you the visibility to understand the connection between multiple malicious acts and give you the chance to respond most efficiently.

For example, hackers are known to use a software-pairing technique, where they install multiple pieces of malware in order to protect and maintain their control. Because most malware detection tools detect these as isolated events rather than a single operation, security personnel risk failing to remove the entire attack. When this happens, hackers continue to collect information and move closer to the servers.
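The "connect the dots" step, as an added example that is not code from the article or from Cybereason: isolated endpoint detections are merged into operations when they sit on the same host close together in time, when one detected artifact is the parent process of another, or when the same artifact shows up on a second host. The detection records, field names, process names and the 15-minute window are all constructed assumptions for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed detections (not from the article). Each is one alert a tool would raise on its own.
DETECTIONS = [
    {"ts": "2023-03-01T10:00:00Z", "host": "WS-17", "artifact": "updater.exe", "parent": "outlook.exe"},
    {"ts": "2023-03-01T10:04:30Z", "host": "WS-17", "artifact": "svchosts.exe", "parent": "updater.exe"},
    {"ts": "2023-03-01T10:06:10Z", "host": "WS-17", "artifact": "helper.dll", "parent": "svchosts.exe"},
    {"ts": "2023-03-01T15:30:00Z", "host": "WS-17", "artifact": "toolbar.exe", "parent": "chrome.exe"},
    {"ts": "2023-03-01T10:05:00Z", "host": "WS-42", "artifact": "svchosts.exe", "parent": "updater.exe"},
]


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def group_detections(detections, window=timedelta(minutes=15)):
    """Cluster isolated detections into operations using union-find.

    Two detections are linked when they are on the same host and either close in time or in a
    parent/child process relationship, or when the same artifact appears on different hosts.
    Returns one dict per operation, sorted by first-seen time.
    """
    evs = [dict(d, ts=_parse_ts(d["ts"])) for d in detections]
    uf = list(range(len(evs)))  # union-find forest over detection indices

    def find(i):
        while uf[i] != i:
            uf[i] = uf[uf[i]]  # path halving keeps lookups short
            i = uf[i]
        return i

    def union(a, b):
        uf[find(a)] = find(b)

    for i, a in enumerate(evs):
        for j in range(i + 1, len(evs)):
            b = evs[j]
            same_host = a["host"] == b["host"]
            close = abs(a["ts"] - b["ts"]) <= window
            lineage = a["artifact"] == b["parent"] or b["artifact"] == a["parent"]
            same_tool = a["artifact"] == b["artifact"]
            if (same_host and (close or lineage)) or (not same_host and same_tool):
                union(i, j)

    groups = {}
    for i, e in enumerate(evs):
        groups.setdefault(find(i), []).append(e)

    ops = []
    for members in groups.values():
        members.sort(key=lambda e: e["ts"])
        ops.append({
            "first_seen": members[0]["ts"],
            "hosts": sorted({m["host"] for m in members}),
            "artifacts": [m["artifact"] for m in members],
        })
    ops.sort(key=lambda o: o["first_seen"])
    return ops


if __name__ == "__main__":
    for n, op in enumerate(group_detections(DETECTIONS), 1):
        print(f'operation {n}: first seen {op["first_seen"].isoformat()}, '
              f'hosts={op["hosts"]}, artifacts={op["artifacts"]}')
```

On the constructed data the three WS-17 detections from 10:00 to 10:06 chain together, the WS-42 detection joins them because the same dropped binary appears there, and the unrelated afternoon alert on WS-17 stays its own operation. An analyst working from that grouping removes all four linked artifacts together rather than cleaning one and leaving its pair behind, which is the failure mode the text warns about.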

Mainly focusing on monitoring your company network will create large blind spots when, for example, a BYOD employee switches to another network, working from home or at a coffee shop. These inconsistencies will not allow you to understand the entirety of an attack, while endpoint data always reflects all activity.

Endpoints will provide you with the ability to understand a hacker's entire campaign, and enable you to get rid of it entirely.